“The library is still in the early stages of its recovery and many of its services and systems are still unavailable.” Photo: SOPA Images/LightRocket/Getty Images
It is not entirely accurate to say that the cyber attack on the British Library took place on October 28, 2023. Most likely, Rhysida, the hacker gang that orchestrated the attack and is believed to be Russian, had already been moving unnoticed through the British Library’s digital territory for months, said Enrico Mariconti, lecturer in security and crime sciences at UCL.
Once it breached the library’s Virtual Private Network (VPN)—the remote connection that allows employees to access the network from anywhere—it could theoretically work its way through locked door after locked door of the library’s many online systems, until it discovered emails and documents containing details such as employee passport scans and employment contracts. It hoped that these documents might entice a single bidder to pay 20 bitcoins (about £600,000) for privileged access to all that personal information.
Ultimately, after the British Library refused to pay a £600,000 ransom, the hackers published almost 500,000 files containing what they called “exclusive, unique and impressive” stolen data, which anyone could download for free via the dark web. A picture of the aftermath of Rhysida’s attack in October might look like this: a national library from the pre-digital era, no Wi-Fi, no computer access, and even the phone lines are dead. Only there was one crucial difference. No one could even use the British Library’s vast collection of 170 million items. Three months later, the library is still in the early stages of its recovery and many of its services and systems are still unavailable. Rhysida’s attack is “one of the worst cyber incidents in British history,” according to Ciaran Martin, the former CEO of the National Cyber Security Centre.
Long gone are the days of solo hackers who breached computer security systems to show off, like the bleach-haired teenagers in the 1995 movie Hackers. In February 2022, years of internal messages from a Russian ransomware group were leaked, providing insight into the logistical dynamics of hacker groups. The group in question often had more than a hundred employees on its payroll, each working remotely on the various moving parts of the carefully planned cyber attacks. Its workforce was spread across numerous departments, each with its own budget, and it had a dedicated HR department. In recent years, cybercrime has evolved from a cottage industry into a slick, specialized crime racket.
Rhysida is a ransomware-as-a-service group. This means that anyone can contract it to target a victim of their choice. The clients don’t need to have basic knowledge of cybercrime because Rhysida will do the heavy lifting. It discovers how to hack into the victim’s private network, retrieves information, then encrypts the victim’s data and sends the ransom note, having determined in advance an amount that will be significant, but not enough to bankrupt the victim. It then maintains contact with the victim through a messaging portal, while simultaneously providing the client with a detailed analysis of progress.
The motivations are varied. Mariconti told me he believes the cyberattack on the British Library was likely a “showcase” operation. High-profile attacks act like an advertisement to potential customers. “It says, ‘Hey, we’re capable of attacking a major institution,’” Mariconti said. “Come to us, give us money, and we’ll take whatever you want.” Then there is the opportunistic element. The British Library is a critically important site of knowledge, but unlike at the NHS or GCHQ, a cyber security breach there would not pose an immediate threat to public safety. There are therefore fewer incentives for the government to improve its IT systems.
The future of cybercrime is starting to look like any other arms race. There are many Russian-affiliated hacker groups, which generally do not carry out attacks on their own countries (many types of malware do not even work on Russian computers). Nicole Perlroth, former chief cybersecurity reporter for the New York Times, summarizes Russia’s guidelines for hackers this way: “First, don’t hack into the motherland. And second, when the Kremlin asks for a favor, you do what it asks.” Meanwhile, in Britain, the government’s lack of investment in cyber security has made the country an open target for potential aggressors (last year the Treasury posted a vacancy for a head of cyber security with a starting salary of £50,000; the average salary for a role as head of cyber security in the private sector is almost double that number).
And then there are the other hidden costs underlying this arms race: its impact on the environment. Running the servers that build the malware or defend against such attacks generates enormous CO2 emissions. In 2020, a US cybersecurity company managed, in a few hours and using almost 100 cloud computing servers, to decrypt the malware that had locked a technology manufacturer out of its data. The cloud now reportedly has a larger carbon footprint than the aviation sector.
I asked Prof. Mariconti whether a solution to the increasing global threat of cyber attacks would be to create stronger internal boundaries within the Internet, so that each country’s firewalls became more like those in China, where the servers handle much international traffic and block international websites. “That goes against the logic of the internet,” he replied. “The Internet was born from the idea of being able to communicate around the world without restrictions.” This double-sided quality has existed since the beginning of the Internet: the freedom to roam without borders, and the potential abuse of such freedom.
In all the time the Rhysida hackers moved freely through the British Library’s networks, while we sat downstairs in the physical reading rooms, naive to their existence, I wonder if they ever considered the irony of their attacks. The conditions that have allowed them to conduct their trade across the open plains of cyberspace are the conditions they now seek to exploit, by eliminating the possibility of communication and knowledge exchange, stealing and encrypting information, forcing victims to buy back or lose their data, and bringing to their knees vital institutions such as libraries, which protect and share all this knowledge so that everyone can access it.